Legal

Security

ComplyChase AI is designed around private document collection, controlled access, and clear proof records for client document workflows.

Last updated: 1 June 2026

Document storage

Uploaded client documents are stored in private object storage, not as database blobs or public web folders.

Downloads are served through signed temporary URLs. Files are not exposed through permanent public links.

Workspace isolation

Each firm works inside its own workspace. Staff roles control who can manage clients, documents, settings, and billing.

Users only see data for workspaces they belong to.

Upload links

Client upload links can expire, be disabled, restrict file type and size, and are rate limited to reduce abuse.

Upload events are recorded in activity logs so your team can see when proof was received.

Operational controls

The application uses security headers, login throttling, file validation, activity logs, and private storage buckets.

Reminder sends, document uploads, and key user actions are logged for audit visibility.

Reporting concerns

If you believe you have found a security issue, email hello@complychaseai.com with steps to reproduce, affected URLs, and potential impact.

Please do not publicly disclose issues until we have had a reasonable opportunity to investigate and remediate.

Security contact file: https://complychaseai.com/.well-known/security.txt

Learn how secure upload links and private storage work in our secure document portal for accountants guide.

Questions about this page?

Contact hello@complychaseai.com and include the page name in your message.

FAQ

Questions about this policy

How are upload links secured?

Links are tokenised, time-limited, and do not expose your full workspace to clients.

Where is data hosted?

See the Security page for infrastructure, encryption, and access-control details.